Add to collection(s) Add to saved
  1. Math
  2. Advanced Math
  3. Logic

Summer School - Number Theory for Cryptography F. Morain

advertisement 
Summer School - Number Theory for Cryptography
F. Morain
Tutorial, 2013/06/26
1. a) Program the p − 1 method, together with its standard continuation.
b) Program Brent’s continuation.
√
c) Let us describe a Baby-Step-Giant-Step continuation. Select w ≈ B2 , v1 = dB1 /we, v2 = dB2 /we.
Write our prime s as s = vw − u, with 0 ≤ u < w, v1 ≤ v ≤ v2 . Using the√fact that gcd(bs − 1, N ) > 1 iff
gcd(bwv − bu , N ) > 1, give an algorithm to perform the search for s in O( B2 ) operations. Implement it
and compare it to the continuations already given.
2. Let p = 2k + 1 and q = 4k + 1 be prime (with k ≥ 5) and N = pq. Show that for all a prime to N , one has
gcd(ak! − 1, N ) = N . Show how to modify the p − 1 method of factoring to recover p and q in that special
case.
3. Give parametrizations of elliptic curves over Q having a 2-torsion point, respectively torsion subgroup of
order 4, in Weierstrass or Edwards form. Are they interesting to use in ECM?
4. Program ECM.
5. (a) Let ω = 2s t, with integers s and t, t odd. One considers the sequence y0 = 1, yk = 2yk−1 mod ω. Let
e be the order of 2 in (Z/tZ)∗ . Show that the length and tail of the iteration are respectively s and e.
(b) Let p be a prime and f : Z/pZ −→ Z/pZ such that f (x) = x2 . Define (ak ) by a0 = a (where
k
a 6≡ 0 mod p) and ak = f (ak−1 ) = a2 mod p. Let ω = 2s t be the order of a modulo p. Compute the cycle
length and tail length of the cycle of the sequence (ak ). Numerical values: p = 59, a = 2. Is the function f
suitable for the ρ method?
(c) Let K be a field, and u, v two non-zero elements of K. Show that if u + 1/u = v + 1/v, then u = v or
u = 1/v.
k
k
(d) Let a 6= 1, a ∈ (Z/pZ)∗ . Put x0 = a + 1/a, f (x) = x2 − 2 mod p, xk = f (xk−1 ). Hence, xk = a2 + a−2 .
Let ω = 2s t be the ordre of a modulo p. Let (H) denote the assertion: “the equation 2` ≡ −1 mod t has
at least one solution”. Prove that if (H) is satisfied, the length of the cycle of (xk ) is e/2; otherwise, this
length is equal to e. Compute the tail length.
(e) Let x0 ∈ Z/pZ. Assume there is no solution to x0 = a + 1/a for a ∈ (Z/pZ)∗ . Let α ∈ Fp2 \ Fp such that
s
x0 = α + 1/α. Let ω = 2s t be the ordre of α in Fp2 and e the ordre of 2 modulo t. Show that α, α2 , . . ., α2
s+e
s
are all distinct in Fp2 and that α2
= α2 . Define xk = f (xk−1 ) with f (x) = x2 − 2 (mod p). Show that
if (H) is true, the cycle length is e/2 and e otherwise. Compute the tail length. Numerical values: p = 5,
x0 = 1.
(f) What happens if one uses f (x) = x2 − 2 in the ρ method?
1
Related documents
Math 350 – Practice Exam 1
Math 350 – Practice Exam 1
MA342J: Introduction to Modular Forms Homework 5, due on March 28
MA342J: Introduction to Modular Forms Homework 5, due on March 28
Factorization of Quadratic Sieve
Factorization of Quadratic Sieve
Pries: 405 Number Theory, Spring 2012. Homework 5. Due: Friday 2/24.
Pries: 405 Number Theory, Spring 2012. Homework 5. Due: Friday 2/24.
Homework 8
Homework 8
Document10389957 10389957
Document10389957 10389957
Math 470 Exam 1 Sample Problems September 22, 2011
Math 470 Exam 1 Sample Problems September 22, 2011
Mathematics 360 Homework (due Dec 11) A. Hulpke
Mathematics 360 Homework (due Dec 11) A. Hulpke
Practice problems for Midterm 1
Practice problems for Midterm 1
20 years of ECM
20 years of ECM
Download
advertisement